Role Responsibility Matrix
Defines the security responsibilities of each role in the organization.
| Category | CEO / Exec | CISO | AppSec | DevOps | Project Lead | Developer | Auditor |
|---|---|---|---|---|---|---|---|
| Strategy & Policy | Approve | Author | Implement | Implement | Adopt | Adopt | Review |
| Risk Management | Accept (high) | Own register | Assess | Mitigate | Communicate | Report | Review |
| Vulnerability Mgmt | — | Govern | Triage | Remediate (infra) | Allocate | Remediate (code) | Sample |
| Incident Response | Notify | Lead | Investigate | Contain | Support | Support | Review post-mortem |
| Compliance | Sign-off | Own program | Evidence | Evidence | Cooperate | Cooperate | Audit |
| Training | Champion | Define | Deliver | Complete | Enforce | Complete | Verify |
| Change Mgmt | — | Govern | Review | Implement | Approve | Execute | Sample |